How Jeff Bezos iPhone Was Hacked Through A Whatsapp Message From Saudi Arabia’s Crown Prince
A surveillance software was allegedly installed on Amazon CEO and Washington Post owner, Jeff Bezos’s iPhone X by Saudi Crown Prince Mohammed bin Salman.
This has prompted the United Nations to call for an investigation following the reports that Amazon CEO and Washington Post owner Jeff Bezos was hacked by Saudi Crown Prince Mohammed bin Salman in 2018 via WhatsApp, with digital surveillance software allegedly installed on Bezos’ phone.
- The UN described the alleged hacking as a “contravention of fundamental international human rights standards,” and that it “demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince.”
- According to a digital forensics report commissioned by Bezos and turned over to the UN, the details of which were first reported by the Guardian, a malicious video file sent from Mohammed bin Salman to Bezos on WhatsApp was responsible for the hack.
- Large amounts of data were taken from Bezos’s phone within hours of the infected file being sent.
- Bezos and bin Salman exchanged numbers at a Los Angeles Dinner in April 2018, and the video message was sent to Bezos unexpectedly, according to the report, which was obtained by Motherboard.
- The report’s findings raise questions about over who the Saudis were monitoring in connection to slain Washington Post columnist Jamal Khashoggi and how the National Enquirer obtained Bezos’s private texts that exposed an extramarital affair last year.
- It is unclear where the information taken from Bezos’s phone went or how it was used, but it undermines previous claims made by the Saudis that they weren’t surveilling Bezos and others connected to Khashoggi, who was killed inside a Saudi embassy in Istanbul, Turkey last year apparently because he wrote columns critical of the Saudi government. The CIA has since concluded that bin Salman personally ordered Khashoggi’s assassination, which he has denied.
How is it that even the richest man in the world can have his phone hacked with a simple WhatsApp message?
Saudi Arabia has denied the allegations a 2018 message from the Saudi Crown Prince Mohammed bin Salman ended in Bezos’ phone being compromised, labeling the reports “absurd.” If Saudi Arabia ordered any kind of hack of Bezos’ device, it would indeed be absurd—absurdly dangerous, with ramifications for any person of interest to the Saudis.
The consequences also stretch to any iPhone or WhatsApp user, with further evidence that government-backed hackers have direct routes into their personal lives. Whoever was behind the breach of Bezos’ data has shown how even when someone spends millions on personal security, their iPhone (or Android, or any modern smartphone) can be their Achilles’ heel.
In the last year, a hack on a human rights lawyer showed how a simple missed call could bypass all of Apple’s and WhatsApp’s protections. In the case of Bezos, it was reportedly a video file sent in 2018 that led to the infection of his device. Whether it was just very personal images that were pilfered, or more sensitive data around any of Bezos’ holdings, from Amazon to the Washington Post, the hacks could’ve been catastrophic, certainly more troublesome than some salacious articles about romantic affairs.
“It’s a real eye-opener,” says Dr. Ian Brown, an independent consultant on security and privacy technologies. “The market for zero-day vulnerabilities and the availability of surveillance tools using them are well-known. Maybe it takes an episode like this—and an angry richest man in the world—to get the legal and computing changes we all need to protect against them.” (Neither Apple nor WhatsApp had commented at the time of publication.)
Dr. Brown says there are more secure operating systems in development, pointing to two niche platforms, QubesOS and seL4. “You wouldn’t get to 100% unhackable, but you would get very significantly further than today, and also be able to greatly reduce the impact of most breaches through much better compartmentalization and protection of personal data on devices,” he tells Forbes.
Concerned users would be wise to compartmentalize as best as they can on their current devices. For instance, separating work and personal phones might better protect different kinds of data.
Of Bezos and brinksmanship
Journalists and activists have long been targeted by such advanced digital tools. But the move against the richest man in the world suggests these tactics are moving out of the shadows and raise the question: Which other businesses, and business leaders, have been targeted and why?
And it’s not just the tools that are causing anxiety. One wonders where nation-states will stop in their outlandish intelligence efforts on high-profile individuals. If MBS did send the message that led to Bezos’ embarrassment, which it wholly denies, then the Saudi Arabian regime has yet again tested what it can get away with. After the murder of Washington Post columnist Jamal Khashoggi, and the alleged surveillance of his confreres, are there no limits to the nation’s brinksmanship?